From: Joe Holden
Date: Mon, 18 Mar 2013 21:32:08 +0000
To: Yoann Gini
Cc: freebsd-net@freebsd.org
Subject: Re: mpd5 and multiple route to send to clients

Yoann Gini wrote:
> On 18 March 2013 at 21:48, Joe Holden wrote:
>
>> You use something that can push configuration to the client, like openvpn or run dhcp over something
>
> Well, I really don’t understand.
>
> From my experience, with a Cisco VPN Concentrator or an OS X VPN Server or a Windows VPN Server, you can set an L2TP VPN service with some remote config to send to the client (DNS servers, domain name, routing information [like what is for the private network and what is for the public one], and so on).
>
> It is supposed to be built into the VPN client and server. On other platforms, I don’t need to use a setup based on SSL VPN like OpenVPN and it’s not DHCP that handles that kind of client config but the built-in mechanisms in the VPN Server (that’s the case for L2TP and PPTP).
>
> I’m quite surprised to be facing such a difficult problem here. Routes sent to the clients are something like the 101 VPN course…
>
> How do you handle your routing table on your VPN systems with mpd5 without having to push routes from your concentrators?
>
> Best regards,
> Y.

Cisco et al don't use plain l2tp/pptp - they allow the remote configuration of client routing. Traditional ppp doesn't allow the ability to push configuration to the clients outside of IP/dns/netbios etc; IPsec for example has this ability but straight ppp does not.

You will probably be better off by doing IPsec over L2TP as it should cover what you need.
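
The limit described in the reply above can be seen in the IPCP option set itself. The following is an added example, not part of the original message: a parser for IPCP configuration options (RFC 1332 and RFC 1877) run over a constructed Configure-Nak. The function names and the 10.0.0.x addresses are assumptions made for illustration.

```python
import ipaddress
import struct

# IPCP option types from RFC 1332 (1-3) and RFC 1877 (129-132).
# Nothing in this table carries a route.
IPCP_OPTIONS = {
    1: "IP-Addresses (deprecated)",
    2: "IP-Compression-Protocol",
    3: "IP-Address",
    129: "Primary-DNS",
    130: "Primary-NBNS",
    131: "Secondary-DNS",
    132: "Secondary-NBNS",
}
ADDRESS_OPTIONS = {3, 129, 130, 131, 132}
CODES = {1: "Configure-Request", 2: "Configure-Ack",
         3: "Configure-Nak", 4: "Configure-Reject"}

def parse_ipcp(packet: bytes):
    """Return (code name, identifier, [(option name, value), ...])."""
    if len(packet) < 4:
        raise ValueError("truncated IPCP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("bad IPCP length field")
    body, pos, options = packet[4:length], 0, []
    while pos < len(body):
        if len(body) - pos < 2:
            raise ValueError("truncated option header")
        opt_type, opt_len = body[pos], body[pos + 1]
        if opt_len < 2 or pos + opt_len > len(body):
            raise ValueError("bad option length")
        data = body[pos + 2:pos + opt_len]
        name = IPCP_OPTIONS.get(opt_type, f"unknown({opt_type})")
        if opt_type in ADDRESS_OPTIONS and len(data) == 4:
            value = str(ipaddress.IPv4Address(data))
        else:
            value = data.hex()  # unrecognised or odd-sized option: keep raw bytes
        options.append((name, value))
        pos += opt_len
    return CODES.get(code, f"code({code})"), ident, options

def sample_nak() -> bytes:
    """Constructed Configure-Nak: server hands out address, DNS and NBNS."""
    opts = b"".join(bytes([t, 6]) + ipaddress.IPv4Address(a).packed
                    for t, a in [(3, "10.0.0.50"), (129, "10.0.0.1"), (130, "10.0.0.2")])
    return struct.pack("!BBH", 3, 1, 4 + len(opts)) + opts
```

An option type outside the table is reported as `unknown(N)` with its raw bytes rather than being interpreted.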